linked against Go process enumeration library

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: linked against Go process enumeration library
    namespace: host-interaction/process/list
    authors:
      - joakim@intezer.com
    description: Enumerating processes using a Go library
    scopes:
      static: file
      dynamic: file
    att&ck:
      - Discovery::Process Discovery [T1057]
      - Discovery::Software Discovery [T1518]
    references:
      - https://pkg.go.dev/github.com/mitchellh/go-ps
  features:
    - and:
      - match: compiled with Go
      - or:
        - string: "github.com/mitchellh/go-ps.FindProcess"
        - string: "github.com/mitchellh/go-ps.Processes"

last edited: 2023-11-24 10:34:28